- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
streamfwd SSL decryption error (DSSL library error code -41)
Hi,
I am testing "App For Stream" App(6.6.1) to capture https traffics. I added pem file to keystore.db as descr. belowlink
http://docs.splunk.com/Documentation/StreamApp/6.6.1/DeployStreamApp/EnableSSLforStreamForwarder
But i am getting errors in streamfwd.log. (DSSL library error code -41)
Error line:
2016-10-17 17:37:02 WARN 11592 stream.SnifferReactor - SSL decryption error (DSSL library error code -41) (ssl) [c=yyyyyyy:61914, s=xxxxxx:8282]
Anyone can help me?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The issue appears to be caused by the Extended Master Secret Key extension (https://tools.ietf.org/html/rfc7627) being negotiated between the client and the server. Stream currently doesn't support this extension, so the workaround would be to turn it off on the server side.
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ekremikizoglu,
This is a rather rare error - it basically indicates a symmetric decryption failure. Do you happen to know what TLS version/cipher suite is been negotiated? (you can use Stream to track it by capturing tcp traffic and enabling ssl_cipher_name and/or ssl_cipher_id fields)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I generated this certificate on iis server ,Self signed TLS1.2 RSA AES_256_GCM, for testing decription feature of stream app. I published website and enable ssl communication. Then i installed splunk to capture https traffic. But i got the error.
